vpnc

nilleso · 08-29-2005, 03:43 PM

I've been putting off migrating from kernel 2.4 to 2.6 because of multiple failed attempts at getting my corporate VPN connection working. I could only get it working with 2.4.25 and cisco's vpnclient 4.0.5b

I made the plunge (2.6.12-r8) ... but after much work, I've given up on getting cisco's vpnclient (any version) to work. So I've been trying to get vpnc working instead... and I guess because I'm no networking guru - I'm not having any luck. vpnc documentation is hard to find so I was hoping some helpful LQ'er could assist.

With the cisco client, I just needed my connection profile, my personal cert, and my corporate CA cert.
I have no idea how to make this work with vpnc/kvpnc. I can import the profile but I cannot see how to import the two cert's (pfx and .cer)
I am connecting to a Cisco 3060 VPN concentrator.

Can someone please help and/or point me in the right direction??
thanks.

nilleso · 08-31-2005, 09:34 PM

+bump+

c'mon folks... someone must have something to offer. Is no one using vpnc to connect to a cisco concentrator via cert authentication?!?!
If not vpnc, I would be open to any other suggestions... [even getting vpnclient working with 2.6.12]
It's getting quite urgent.
TIA

carl.waldbieser · 09-01-2005, 12:18 AM

Quote:

Originally posted by nilleso
+bump+

c'mon folks... someone must have something to offer. Is no one using vpnc to connect to a cisco concentrator via cert authentication?!?!
If not vpnc, I would be open to any other suggestions... [even getting vpnclient working with 2.6.12]
It's getting quite urgent.
TIA

I got vpnc to work for some sites. Others wouldn't work, and I am not sure why. The .pfx file should have all the info you need to set up your vpnc config file. Here is the example from the man pages:

Code:

              
IPSec gateway vpn.rwth-aachen.de
IPSec ID MoPS
IPSec secret mopsWLAN
Xauth username abcdef
Xauth password 123456

You just save a file somewhere with this format, but plug in all your info from the .pfx file (server address, Group name, group password, user name, user password). Then you issue

Code:

# vpnc theconfig.conf

The vpn should start up, and it should tell you the PID. You'll probably need to add a route at this point (to the tun0 device). To end the connection, just

Code:

# kill -HUP thepid

nilleso · 09-01-2005, 08:30 AM

Quote:

The .pfx file should have all the info you need to set up your vpnc config file. Here is the example from the man pages:

The .PCF file has the connection profile kind of info. BUT.. this is certificate based, so I cannot use the config you're suggesting. There is no group name/passwd, no username ....
with this kind of Cisco setup it authenticates you based on your unique personal certificate.

any site's like this?

carl.waldbieser · 09-01-2005, 05:08 PM

Quote:

Originally posted by nilleso
The .PCF file has the connection profile kind of info. BUT.. this is certificate based, so I cannot use the config you're suggesting. There is no group name/passwd, no username ....
with this kind of Cisco setup it authenticates you based on your unique personal certificate.

any site's like this?

Looks like this has not been implemented, yet: http://svn.unix-ag.uni-kl.de/vpnc/trunk/TODO (search the page for "certificate").

nilleso · 09-02-2005, 08:56 AM

any other clients suggested for this type of connection?

..or can someone point me in the right direction to get cisco's vpnclient working with kernel 2.6.12-r8?
vpnclient 4.6.02-0030 and 4.6.02-0190 are both not working. cisco_ipsec module is fine... just hanging at 'initializing'

nilleso · 09-22-2005, 09:34 PM

really? no one can help?
I didn't think this would be so terribly difficult for LQ'ers ... we need more Cisco VPN knowledge around here